Experts at Travelers Institute Cyber Symposia Highlight Five Key Practices to Increase Your Cyber Readiness
As cyber threats continue to evolve, organizations of all types and sizes are targets of increasingly sophisticated attacks. To help raise awareness about the importance of cyber readiness, the Travelers Institute hosts live, in-person educational symposia across the United States as part of our Cyber: Prepare, Prevent, Mitigate, Restore® initiative.
Our own cyber experts from Travelers are joined by leaders from the federal government’s Cybersecurity and Infrastructure Security Agency (CISA) and Mullen Coughlin, a law firm focused on data privacy and cyber incident response services, for a panel discussion.
Together, these public and private sector cyber experts help businesses and organizations by explaining the current threat landscape and providing strategies for preparing for and responding to a cyber incident. Take a deep dive into the five key practices that organizations can implement today to increase cyber preparedness, and get tips from our expert partners on:
Cyber: Prepare, Prevent, Mitigate, Restore in Lombard, IL
Maximizing System Security with Multifactor Authentication
Multifactor authentication (MFA) is an imperative extra layer of security when accessing accounts. To verify a user’s identity prior to granting access, MFA uses authentication factors that fall into at least two of three categories: something you know (like a username and password), something you have (like a one-time code texted to your phone or from an authenticator app on your device) and something that verifies who you are (like a fingerprint or an eye scan).
“MFA must be on every device and used every time you connect,” Ken Morrison, Travelers Assistant Vice President, Cyber Risk Management, said at our cyber symposium in Tampa.
“If an attacker has your user ID and password and you don’t have MFA, that’s all they need to get into your systems,” Rehman Khan, Travelers Assistant Vice President, Cyber Risk Management, stressed at our cyber symposium in Nashville. “MFA should be applied for anything you don’t want an attacker to do on your network.”
Read more: Implementing Multifactor Authentication, the First Line of Defense
Cyber: Prepare, Prevent, Mitigate, Restore in Nashville, TN
Securing Your Network with System Updates
Attackers often gain access to systems by exploiting vulnerabilities like flaws in software. Once inside a network, they aim to gain administrative rights to launch further attacks.
“In simple terms, every organization uses applications and tools,” Jennifer Coughlin, Founding Partner at Mullen Coughlin, explained at our cyber symposium in San Antonio. “Those tools and applications can experience vulnerabilities or holes that need to be managed and patched to ensure the continuous security of the application.”
Organizations should have a regular patching program as part of their overall cybersecurity processes, Lynda Jensen, Partner at Mullen Coughlin, stressed at our cyber symposium in Greater Chicago. “However, if it is being publicly announced that there is a vulnerability that needs to have a patch on it, the attackers know about it too and that needs to be taken care of immediately,” she said.
Read more: Maintaining Cybersecurity by Keeping Systems Up to Date
Cyber: Prepare, Prevent, Mitigate, Restore in San Antonio, TX
Enhancing Your Defenses with Endpoint Detection and Response
An endpoint detection and response (EDR) solution is more sophisticated than traditional antivirus software, checking both software and user behavior on a system. It watches what users do and can stop suspicious activity, triggering alerts.
EDR is a tool that monitors all your systems, endpoint to endpoint, laptop to laptop. Travelers AVP of Cyber Risk Management Rehman Khan added, “Once a virus or anomaly is detected, it has the intelligence to respond by quarantining files, isolating your assets and turning off ports. EDR automates a lot of the response.”
“With regular antivirus software, there is a library of known malicious code, but EDR monitors the network and proactively stops bad activity that generally won’t be detected by antivirus software,” said John Menefee, Travelers CyberRisk Product Manager.
“Traditional antivirus software looks at the files on your computer and if it saw something that it didn’t like, it would flag it,” Ken Morrison, Travelers Assistant Vice President, Cyber Risk Management, further explained. “EDR does exponentially more. It’s looking at behavior and at files that are being created and deleted. Not only will it alert you, but it can shut down a computer or a network and provide more of an opportunity to defend against a cyberattack.”
Read more: Leveraging Endpoint Detection and Response in Cyber Risk Management
Cyber: Prepare, Prevent, Mitigate, Restore in St. Louis, MO
Implementing Secure Practices with an Incident Response Plan
When a cyberattack occurs, it’s important that organizations have an incident response plan (IRP) in place so they know the steps to take to recover. “Having an incident response plan is crucial,” said Brian Yoshino of CISA. “Your incident response plan does not have to be perfect. An IRP is one of the lowest-cost, highest-impact, lowest-complexity things you can do to increase your cyber readiness.”
And you don’t have to create the plan from scratch. Yoshino explained, “This document cannot only exist in digital form. You need a physical copy that says ‘when this happens, we do this. This is who is responsible.’ This is a business document; this is not an IT document.”
“People should be aware of the physical location of the plan and how to take action. Be very precise and crystal clear with the roles and who will execute what,” explained Julius Gamble, CISA Regional Director, Region 4, at our Tampa symposium. “Make sure that you’re not assigning all the incident response tasks to one person,” Sean McCloskey, CISA Chief of Cybersecurity, Region 4, said at our Nashville event.
Read more: The Importance of Having an Incident Response Plan
Cyber: Prepare, Prevent, Mitigate, Restore in Tampa, FL
Building Cyber Resiliency with Backups
If your organization suffers a cyberattack, restoring the systems and files crucial for your operations and getting your business running again is imperative.
“Knowing you have sound, tested and complete backups is an incredible comfort when you suffer a cyber incident,” CISA’s Brian Yoshino said. “The return on investment is huge. A good backup strategy can protect you from accidental deletion, software or hardware malfunction, natural disaster and cyberattack.”
Backups should be frequent, regular and systematic. Inventory your data to decide how and how frequently the data should be backed up. Remember, storing data and backing it up are different. Storing data keeps your files safe and accessible. Backing up data means making copies in another place, separate from where you store your data.
Read more: Back Up Your Data, Save Your Organization
Cybersecurity Preparedness Is Crucial in Fighting Cyberattacks
“I think one of the most critical things you can take away from this is to arm your employees with knowledge and get them involved in the cybersecurity conversation early and often because they are the first line of defense for you,” said Mullen Coughlin’s Carolyn Purwin Ryan.
“You can’t control threats, but you can control the likelihood of that threat being realized. And if it does happen, when you’re prepared, you can reduce the impact,” stressed CISA’s Tony Collings.
For more information, visit our cyber readiness hub for cyber resources and to find a cyber education tour stop near you.
Related Content
Using Travelers Cyber Readiness Practices to Defend Against the Three P’s
With so many means of attack available to cyber threat actors, organization and IT leaders must understand how attacks happen.
Find a Live Cyber Event Near You
Attend a live event to learn more from government and industry experts about evolving cyber threats and how you can protect your organization.